Paris Hilton and you

It didn't require a California law for data-theft victims to be notified after Paris Hilton's phone book hit the Web a week ago. Oh, they knew. Dozens of celebs, ranging from rapper Eminem to tennis babe Anna Kournikova, suffered through hundreds of calls from fans, pranksters and anyone else who found the contents of Hilton's T-Mobile cell phone on the Internet. There were also snapshots, to-do lists and transcripts of Hilton's text-messaging chats. But what caught headlines were the phone numbers of all those poor, beleaguered B-listers, suddenly out there where any nobody with a dialing finger could call them.

C'mon, stop snickering. I'm getting to a serious point here.

See, Hilton thought all that personal data was on her cell phone, tucked safely away in her ... well, wherever she keeps it. But she was wrong. The data's real home was on T-Mobile's servers. Her Sidekick II phone stored the data there automatically, just as it was designed to.

That arrangement means the data won't be lost if the phone is damaged or the batteries die. But it also means that if anyone were to hack into T-Mobile's servers, they'd have access to whatever Hilton put in her phone: pictures, documents, phone numbers, the works.

And T-Mobile's servers have a history of being hacked. In October 2003, intruders got into T-Mobile's customer databases and acquired passwords and other information that, in turn, let the bad guys access customer accounts. Hilton's account information was reportedly compromised at that time.

So was account information for a hotshot U.S. Secret Service agent, Peter Cavicchia. Cavicchia didn't store the numbers of celebrity friends on his phone -- that is, on T-Mobile's servers. He stored material linked to ongoing Secret Service criminal investigations.

According to the New York Daily News, that allowed one or more hackers to access numerous Secret Service documents, including reports, requests for subpoenas and a confidential treaty with Russia.

Cavicchia has since left the Secret Service, which says the security breach didn't compromise any ongoing investigations. And last week 22-year-old Nicholas Jacobsen pleaded guilty to the 2003 T-Mobile break-in. He'll be sentenced in May.

Now think: If a Secret Service agent stored sensitive information on his phone, how many of your users have likely done the same thing? And even if you've warned them to guard their phones carefully, how many have unknowingly stored sensitive company documents or data on a cell phone company's servers, where the only thing standing between that data and hackers is security you have no control over?

You can't protect that information. You don't even know what information is at risk. And your users don't even know it is at risk.

Not snickering now, are you? We're not talking about glitterati inconvenience and embarrassment any more. This is about your job: protecting your company's data.

What can you do? You could ban the use of state-of-the-art cell phones (which won't work). Or you could carefully audit every user's phone account for security (which would add a huge amount of work).

Or you can once again take on the challenge of educating your users. You can explain the risks of storing company data on their phones. And offer guidance about what data is safest to keep on which phones. And encourage them to consult with IT to keep potential problems to a minimum.

Yes, that's still a big job. It will require educating yourself on cell phone risks, too. But if you can get users to understand what's on the line, maybe you can get them to help you keep that data secure instead of fighting you.

After all, you don't really want to end up like Paris Hilton, do you?

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Frank Hayes

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?